When AI Codes in Hours - But Security Fixes Still Take Months
bankinfosecurity
Veracode's CISO Sohail Iqbal on Why AppSec Programs Must Be Continuous
Michael Novinson (MichaelNovinson) • July 2, 2025

Generative artificial intelligence accelerates code writing, with tools capable of creating applications in hours, compared with the months that traditional software development takes. This speed has created a critical disparity between code creation and security remediation.
"Gen AI is your best friend at that point, because if you're leveraging gen AI to produce code at a massive speed to support your business, then make sure you shift security programs also to replicate that momentum," said Sohail Iqbal, CISO at Veracode.
Traditional metrics used for vulnerability management, such as how many vulnerabilities were found and patched, fail to capture real risk exposure. Instead, Iqbal urges CISOs to focus on "what was the most impactful and what has ...
Copyright of this story solely belongs to bankinfosecurity.